CSP Integration not working

Hello Netlify Support,

I am encountering an issue with my Next.js application hosted on a Pro account on Netlify, where I am unable to integrate Content Security Policy (CSP) correctly. Despite configuring the CSP using the plugin in the netlify.toml file and/or enabling integration from the Netlify site settings, the nonce attribute is not being applied to my scripts.

Here are the steps I’ve taken and the issues I’ve encountered:

  1. Configured CSP Plugin: I have added the necessary configuration for the CSP plugin in my netlify.toml file, expecting it to automatically set nonces for my scripts.
  2. Enabled Integration from Netlify Site: I have also tried enabling CSP integration directly from my Netlify site dashboard, assuming it would manage the nonces.
  3. No Nonce Set: Despite these configurations, there is no nonce set to the scripts when I inspect the deployed site, and it behaves as if CSP is not enabled at all.
  4. No Logs in Functions: The CSP settings appear in the Functions section of my Netlify dashboard, but there are no logs or errors indicating what might be going wrong.

I am looking for guidance on why the nonce is not being set and how to resolve this issue. Any insights or suggestions would be greatly appreciated.

Thank you for your assistance.

Hi there,

Thanks for reaching out and apologies for the hassle! When you have a chance, can you confirm whether each of these criteria is currently met? Namely:

  • The request method is GET
  • The content-type response header starts with text/html
  • The path of the request is satisfied by the path config option, and not included in the excludedPath config option

Looking forward to hearing from you!
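The three criteria in the reply above can be checked mechanically against a captured request and response. The following is an added example, not part of the thread and not Netlify's code. Only the option names `path` and `excludedPath` come from the reply; the config object shape, the simplified glob matching, and all sample values are assumptions.

```javascript
// Added diagnostic sketch. Glob handling is a simplifying assumption:
// "*" matches any run of characters, everything else is literal.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

function matchesAny(path, patterns) {
  // Accepts a single pattern or an array of patterns.
  return [].concat(patterns || []).some((p) => globToRegExp(p).test(path));
}

// Returns the names of the criteria from the reply that this request fails.
// An empty array means the response qualifies for nonce handling.
function nonceEligibility({ method, contentType, path }, config) {
  const failed = [];
  if (method.toUpperCase() !== "GET") failed.push("method");
  if (!(contentType || "").toLowerCase().startsWith("text/html")) failed.push("content-type");
  if (!matchesAny(path, config.path)) failed.push("path");
  if (matchesAny(path, config.excludedPath)) failed.push("excludedPath");
  return failed;
}

// Checks a delivered page: extracts the nonce from the CSP header value and
// lists every <script> start tag whose nonce attribute is absent or different.
function nonceReport(cspHeader, html) {
  const m = /'nonce-([^']+)'/.exec(cspHeader || "");
  const headerNonce = m ? m[1] : null;
  const scripts = html.match(/<script\b[^>]*>/gi) || [];
  const missing = scripts.filter((tag) => {
    const n = /\bnonce="([^"]*)"/i.exec(tag);
    return !n || n[1] !== headerNonce;
  });
  return { headerNonce, scriptCount: scripts.length, missing };
}

// Constructed sample values, for illustration only.
const sampleConfig = { path: ["/*"], excludedPath: ["/api/*", "/_next/*"] };
const sampleRequest = { method: "GET", contentType: "text/html; charset=utf-8", path: "/about" };
console.log(nonceEligibility(sampleRequest, sampleConfig)); // no failed criteria
```

Feed `nonceReport` the raw response body and the `Content-Security-Policy` header value saved from the deployed site rather than the DOM shown in browser developer tools.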